X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67]) by lists.alpinelinux.org (Postfix) with ESMTP id 926485C4FCE for ; Fri, 14 Apr 2017 12:32:30 +0000 (GMT) Received: by mail-lf0-f67.google.com with SMTP id x72so9951226lfb.1 for ; Fri, 14 Apr 2017 05:32:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=jFsaSQeqT+34RZ+Ji5btY6grApx+8Z6+VA47HgctNOg=; b=GY11SGUWnr1tZYhhFFSXyYAVgnrWKO/CJ9SvuNa82wf7W48Yr+bbEsHwoHdP8uJHTd Ngbt2e3GS9nVpN3EN6gd/VygSzg8Z+BKNkjBAQgFdmFberyv5EN6Fwu+WqCHexj6d+S3 WjJKKOIWb00s869oXPyhIV602yiWd+Xb3g/fE2N0jkKSzAmUUVruGgidSyZVYRvg1d2w DwhV085tAqu+lWalmOocW9KFF6XBiBUhcnmtBxdPwXVui6xgptI2d8ACmjnijtCyJSOR dU6mMwC2C2DY5gqWX6FBK1dIiWw70X2B1Kt/pqK48xU9I4qMh9wdUoWQhMvW0RX85UAo 8cNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=jFsaSQeqT+34RZ+Ji5btY6grApx+8Z6+VA47HgctNOg=; b=SJUytGXRXjwgm03i+gUrc3+MsjYGpuDUkYlqZgdB8N6zbyDUr/5UR1l/AdoBb+SnTL gbnW1st9n2uhDaEGvEXQyaXPfZhoAiL15ZRdRSMUb0UYG4d343EqB4/i2kBjBqm/TbOd zBx16qB5IV7xBVDc2kmvKHSI8UizzQXKYRIG9UH1q6yCwWmR3Afev6XuPjRJ6hVDioLX uwcEn3wxTDW1JDlG4vCfNYWiW6pd35Zpazi2eEyMs5YAMlQzZk/+F4stelxsERc6UFAZ +LPpLytTr7uAIsWFkNqbIT2/5AOP/b678mLiv3on1x1+i/zwizJnJPlSvwzghp9dnNQo GMLg== X-Gm-Message-State: AN3rC/7L/4Ls2GUUSKb4QZPDCwZwE2jzKPmmzGrw7OKGTloUhbCUPd40 L0e0h6IMJKhLnw== X-Received: by 10.25.79.73 with SMTP id a9mr2844102lfk.122.1492173149831; Fri, 14 Apr 2017 05:32:29 -0700 (PDT) Received: from edge.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id 2sm346852ljp.36.2017.04.14.05.32.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Apr 2017 05:32:28 -0700 (PDT) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH edge] main/libsndfile: security upgrade to 1.0.28 - fixes #7149 Date: Fri, 14 Apr 2017 12:32:21 +0000 Message-Id: <20170414123221.9182-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.12.2 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2017-7585: Stack-based buffer overflow in flac_buffer_copy() CVE-2017-7741: invalid memory WRITE CVE-2017-7742: invalid memory READ --- main/libsndfile/APKBUILD | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD index b1a9bfdde7..81f9c4d6e4 100644 --- a/main/libsndfile/APKBUILD +++ b/main/libsndfile/APKBUILD @@ -1,6 +1,7 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=libsndfile -pkgver=1.0.27 +pkgver=1.0.28 pkgrel=0 pkgdesc="A C library for reading and writing files containing sampled sound" url="http://www.mega-nerd.com/libsndfile" @@ -12,6 +13,12 @@ depends_dev="flac-dev libvorbis-dev libogg-dev" makedepends="linux-headers alsa-lib-dev $depends_dev" source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz" +# secfixes: +# 1.0.28-r0: +# - CVE-2017-7585 +# - CVE-2017-7741 +# - CVE-2017-7742 + _builddir="$srcdir/$pkgname-$pkgver" prepare() { @@ -36,6 +43,4 @@ package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 } -md5sums="fd1d97c6077f03b5d984d7956ffedb7a libsndfile-1.0.27.tar.gz" -sha256sums="a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 libsndfile-1.0.27.tar.gz" -sha512sums="8272e3219d64be01034d3f7f7565bf20075c04533469a963ad055f00767e9c2987463fb982894ddc1023d5d6c2338f55f8c3e6d2e36635484dde577a0d2ac770 libsndfile-1.0.27.tar.gz" +sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f libsndfile-1.0.28.tar.gz" -- 2.12.2 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---